zData Security on AWS

Protecting the confidentiality, integrity and availability of data in the cloud is a key element of zData's Amazon Web Services (AWS) architecture design. zData builds upon AWS security to meet the needs of demanding enterprise Big Data environments. zData works with the client to design and deploy a secure-by-default AWS infrastructure using proven, stable and current technologies.


Enterprise Identity and Access Management (IAM) System Integration

zData integrates Big Data services with the client's existing IAM systems for secure user access and authorization. These systems commonly include the following components:

  • Microsoft Active Directory
  • SSO
  • Multi-Factor Authentication
  • Linux System Security Services Daemon (SSSD)
  • Apache Knox
  • Apache Ranger
  • OpenLDAP
  • MIT Kerberos v5

Secure AWS Network Architecture

The corporate network connection to AWS is designed using one of the methods below:

  • Over the Internet via AWS VPN Gateway using encrypted tunnels
  • Dedicated AWS Direct Connect, which establishes private connectivity between AWS and the corporate datacenter, office, or colocation environment

The Virtual Private Cloud (VPC) network configuration provides controlled access to subnets, which are divided by application type, with access between them enforced by AWS Security Groups and network ACLs.
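As an added example (not zData's code), the following check evaluates security-group ingress rules against a per-tier policy of the kind described above. It assumes tiers are identified by a "Tier" tag and that rule records follow the shape returned by boto3's ec2.describe_security_groups; the group IDs and rules are constructed sample data, so it runs offline. Network ACLs are not covered here.

```python
# Policy: for each tier, the (source, port) pairs that may reach it.
# "internet" stands for the 0.0.0.0/0 CIDR; other sources are tier names.
TIER_POLICY = {
    "web":  {("internet", 443)},
    "app":  {("web", 8080)},
    "data": {("app", 5432)},
}

# Constructed sample in describe_security_groups() shape (IDs are not real).
SECURITY_GROUPS = [
    {"GroupId": "sg-web", "Tags": [{"Key": "Tier", "Value": "web"}],
     "IpPermissions": [
         {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
          "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "UserIdGroupPairs": []}]},
    {"GroupId": "sg-app", "Tags": [{"Key": "Tier", "Value": "app"}],
     "IpPermissions": [
         {"IpProtocol": "tcp", "FromPort": 8080, "ToPort": 8080,
          "IpRanges": [], "UserIdGroupPairs": [{"GroupId": "sg-web"}]},
         # Misconfiguration: SSH on the app tier open to the world.
         {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
          "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "UserIdGroupPairs": []}]},
    {"GroupId": "sg-data", "Tags": [{"Key": "Tier", "Value": "data"}],
     "IpPermissions": [
         # Misconfiguration: database reachable directly from the web tier.
         {"IpProtocol": "tcp", "FromPort": 5432, "ToPort": 5432,
          "IpRanges": [], "UserIdGroupPairs": [{"GroupId": "sg-web"}]}]},
]


def tier_of(sg):
    """Tier name from the group's Tier tag, or None if untagged."""
    return {t["Key"]: t["Value"] for t in sg.get("Tags", [])}.get("Tier")


def find_violations(groups, policy):
    """Return (group_id, source, (from_port, to_port)) for every ingress
    rule not explicitly allowed by the policy. A port range wider than one
    port, or IpProtocol -1 (no port keys), is always reported."""
    tier_by_id = {g["GroupId"]: tier_of(g) for g in groups}
    violations = []
    for g in groups:
        allowed = policy.get(tier_of(g), set())
        for perm in g["IpPermissions"]:
            lo, hi = perm.get("FromPort", 0), perm.get("ToPort", 65535)
            sources = ["internet" if r["CidrIp"] == "0.0.0.0/0" else r["CidrIp"]
                       for r in perm.get("IpRanges", [])]
            sources += [tier_by_id.get(p["GroupId"], p["GroupId"])
                        for p in perm.get("UserIdGroupPairs", [])]
            for src in sources:
                if not (lo == hi and (src, lo) in allowed):
                    violations.append((g["GroupId"], src, (lo, hi)))
    return violations
```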


Data Encryption At Rest/In Transit

  • SSL/TLS
  • SSH
  • VPN
  • pgcrypto
  • Third-party encryption tools

Security-Enhanced Linux (SELinux)

  • Developed by the NSA, SELinux integrates a robust and flexible Mandatory Access Control (MAC) framework into the Linux kernel.
  • SELinux enforces security policies on the Linux OS that separate information according to its confidentiality and integrity requirements.